Analysis Overview
SHA256
9c6c8d9067ef80121336068f31f12bada84619a66501abad9cebc8e0f477f4d5
Threat Level: No (potentially) malicious behavior was detected
The file 91fd9b0e7e9b82b8fd59c83003d54738_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:41
Reported
2024-06-03 13:44
Platform
win7-20240508-en
Max time kernel
142s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{08D78471-21AF-11EF-B04F-52AF0AAB4D51} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583980" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000096b49335c4d35d852920dc308784213bc726d1ee1d9d12d1eed6484112eb6d28000000000e800000000200002000000084bdf6a66d37513895400a8170c38b8d20335957d3c42b620c7b19d4349c9718200000005901630e88618093c15d418da1872e3acbd05451a521423e730a2208b2ae396240000000dc5eb5a2eb9e064a18dc965f905064e6ce58a94e9715d1718dcc1a5f36826945c2688c5f3a4c4bef1d0db7517e2c2d1fe6ab3916e1fca79b258a58f316777786 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00865bdfbbb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1896 wrote to memory of 2980 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1896 wrote to memory of 2980 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1896 wrote to memory of 2980 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1896 wrote to memory of 2980 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91fd9b0e7e9b82b8fd59c83003d54738_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | badge.facebook.com | udp |
| US | 8.8.8.8:53 | www.rumahblogger.com | udp |
| US | 8.8.8.8:53 | codice.shinystat.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 163.70.151.23:80 | badge.facebook.com | tcp |
| IT | 185.206.85.82:80 | codice.shinystat.com | tcp |
| IT | 185.206.85.82:80 | codice.shinystat.com | tcp |
| GB | 163.70.151.23:80 | badge.facebook.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 163.70.151.23:443 | badge.facebook.com | tcp |
| US | 34.231.96.3:80 | www.rumahblogger.com | tcp |
| US | 34.231.96.3:80 | www.rumahblogger.com | tcp |
| US | 8.8.8.8:53 | m.facebook.com | udp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | s9.shinystat.com | udp |
| US | 8.8.8.8:53 | advm.brznetwork.com | udp |
| US | 8.8.8.8:53 | www.stafaband.info | udp |
| IT | 185.206.85.85:80 | s9.shinystat.com | tcp |
| IT | 185.206.85.85:80 | s9.shinystat.com | tcp |
| IT | 185.206.86.13:80 | advm.brznetwork.com | tcp |
| IT | 185.206.86.13:80 | advm.brznetwork.com | tcp |
| US | 8.8.8.8:53 | www7.cbox.ws | udp |
| US | 108.181.41.161:80 | www7.cbox.ws | tcp |
| US | 108.181.41.161:80 | www7.cbox.ws | tcp |
| NL | 185.107.56.52:80 | www.stafaband.info | tcp |
| NL | 185.107.56.52:80 | www.stafaband.info | tcp |
| US | 8.8.8.8:53 | survey-smiles.com | udp |
| US | 8.8.8.8:53 | img132.imageshack.us | udp |
| US | 199.59.243.225:80 | survey-smiles.com | tcp |
| US | 199.59.243.225:80 | survey-smiles.com | tcp |
| US | 38.99.77.16:80 | img132.imageshack.us | tcp |
| US | 38.99.77.16:80 | img132.imageshack.us | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | static.cbox.ws | udp |
| US | 172.67.201.54:80 | static.cbox.ws | tcp |
| US | 172.67.201.54:80 | static.cbox.ws | tcp |
| US | 172.67.201.54:80 | static.cbox.ws | tcp |
| US | 172.67.201.54:80 | static.cbox.ws | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2054.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 13ed5e0369cedc64c8437eb9a493a981 |
| SHA1 | 880053c91809fef7b2a3d688143f554d5a05c0bd |
| SHA256 | 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454 |
| SHA512 | 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 503e93c7ff98cca43d5bbb244bc29dc9 |
| SHA1 | 0884aa47f37b83e74fc5fe84df6bd5cd752f0477 |
| SHA256 | 64d4b0c4c8f82850d999c347e25fce078f3a99af371eb052d107fd7d1f2aa8c1 |
| SHA512 | 0237849f32330a27a500bb817445807120b46dc919bd9d5422b0231cdee968b269e29609b62595e76ee473f0bc68ffd72ffe3c69ff31f6b17ac5a4b137cb7882 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1
| MD5 | 3cbd995f8bc61a3669d6dccec2391d8a |
| SHA1 | 39e5903bb99f1d045f6b0c2429b43ea8e2d551da |
| SHA256 | d302d7266945490d5d06e91e1c2557830688004c572f39343357dfd57ada50e5 |
| SHA512 | 6335e0e9db04d46564a47818a02c3ed714ee705dbc70ecadf252f2813ef62ed14bf739ea545d69e3214d21600a2d9257013545ab3bd7eeba17fe1fb07b2a22ba |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\plusone[1].js
| MD5 | 53e032294d7b74dc7c3e47b03a045d1a |
| SHA1 | f462da8a8f40b78d570a665668ba8d1a834960c2 |
| SHA256 | 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2 |
| SHA512 | fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\cb=gapi[2].js
| MD5 | f9255a0dec7524a9a3e867a9f878a68b |
| SHA1 | 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b |
| SHA256 | d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d |
| SHA512 | d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afb0f4b768ff2058ff19ae78af783df1 |
| SHA1 | ae1f4e7b5895c5f36ebe5e2d9eeb5f5aace48ecc |
| SHA256 | d6f26f8b2a77ae7671b49095557886c6c8ea47a10ca9a5bb329f041cc131cb5b |
| SHA512 | c16ba4132742599ed6a73eecbb4a58bd6f8574f8bef0771338ddd24ad5b34f28481516342f570607f3b4bff45dc728fad9f5704980a605cc463293ddfc83f799 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7ab633cac6bfbd7028d49ff5434480d |
| SHA1 | 79164c76549266885e47265825e97a9bf2003868 |
| SHA256 | ec719566360f1f4dac6639127652b3a932761c11f900d63c321c2552e0a2dc1c |
| SHA512 | 7304f97d3f8996f644b5ef0407f6f2ff156d015fc6195653f76ee0512dacff156feb8ca9d76251a464e0158ad25e27928376179b752e41328a047b5a80196463 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0aae8196d9356995c57751246a5c82f2 |
| SHA1 | c44a5dc7cf355c773e349683fa06f1a10b93f611 |
| SHA256 | 35838c92615d41ae3a0b3768b02c83b1c95e1affc7da9dea3e7e341804ada773 |
| SHA512 | d6dc08caf93e0c3a07b305097ad5e7dd83f95dfd566a779329e98eeea509877b875395d6318a6e155906bbea4d117d24a5f0a1638ae8f86be2772eaea3fc770e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba86231e8ee1b05bc430dc1b57ed4cea |
| SHA1 | 4e9a1368cd1c174be192ce8347dfcddbbfe13d8c |
| SHA256 | 54da504c3939c1c2f489f89fa03694b596acb95a742df6130e23884055f91ae1 |
| SHA512 | fa27160c146674df406ee269de3dbf3eaf399822f3afe3d5bede604309b4ee79114c93dee70edba8a094491a269a44578d6c504c71bf8e52626f63b53924e1e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b62cdeb6aa07a46eb2c45aa150508b94 |
| SHA1 | 27b3507ee229dbb97d47afe33993b15cd091a5c7 |
| SHA256 | 1a5bdbccd9877991f077da22d09b3004b87364b4cb5fe0df8b55abf98a46bd0c |
| SHA512 | 53795914ebcc0d8cf6cd8c5a6f6b8be1087b8af489314645c525c71e930c3462da208cfe028222e7461342c07d1940446293a0ab77d3a5d321bcd2463f4f510d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32599e52b8d886000766092be2e1438d |
| SHA1 | d990c483330867a8857dc59fbecb4e70394927da |
| SHA256 | ed30a4a1221240c322854cccfcf427b6e159a34aef7910c092b0b3a972d7317c |
| SHA512 | 44c6a7ec97c9410324f9ae485df351611037d5f37ab8a8a546b9fe78a272d22b49f6937bbae928d848cb5269e1cb344ac731ed757f4a8b1f8f7b7999e5570112 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 11fe3704c42254e4b5ae3f522f376f1e |
| SHA1 | f5c4d209e8a1a48483dfe3ccb78c815fb8aea8e9 |
| SHA256 | a7e61b41eea28b6a53e596b642f7452134f5d134cfee0922aef50c7b1854415d |
| SHA512 | 656f4d2012db171533359d4df325a9174717f85931e179cfde7d7073df9ba75901d42b8e31ae2f95601038557a9e964388dbec11cec38539a4aa297925abea73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e795124776ea257cd61a7992e883e991 |
| SHA1 | bcf4ecb5d624d8d44542c4b5b8269e6343831e83 |
| SHA256 | 4af126a44f64164382b0c3ef33f72c1bea7aa3e30de70e7e57bea38b0f9a4f98 |
| SHA512 | 80f2f11bd5fae9b89dbc803d18fb5057312ce554470da89aba1034ad80c5ab054f7fcb8e1b06a0a0b4d4a463f64714cdb462e8ea0acc53e814699fa5a3beeaa7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b564a96a8f5fbbb919bfc7d7404da3b |
| SHA1 | e41189553b48fbf86a652a86ec20026b05b790d0 |
| SHA256 | 3aa9996d7788599d38e4a0bddaaee101670542222b7f2a47449810615d7ddfbd |
| SHA512 | 92258929a17d37cccbbe37e6f697d45231f2ba6338418162d27bd11382f1fa78b7ca652336581defba36be5763125d589375e243c49e81b115f8adac535c385d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fd5d74834fab74f9ae2b82234aabf1e |
| SHA1 | 9b7cd78f5f85edd55c2e2396072a3ecb52ae8d39 |
| SHA256 | 1944fb72993708554630431c3d0dada5a9b27a2320f334a40f013ff612cf19e9 |
| SHA512 | e39195a900bf8e3c4483af459b38edd4fc98e57df699aea413ac570a114b620077f8141fb0dd5f4ba2bed0e073d8dca882e6c1f8969534bbafe199f9e2b03628 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e52be33452295561e886604ca91f596 |
| SHA1 | 810f47a083eb7e31c93008f41d4405d6d24eef90 |
| SHA256 | b73167fec73330b4cd826c325ff020fb8e81c4c53cf2c53588d3266b1e5db688 |
| SHA512 | 0ded925a61b32c81a5725ab2ca59f5fd28877af251f11bea4cd70ac2b9a6f392c9dbf0683c144b6afc154ffdc0e35eb559e727807a3f19a9709fcd0c4ebd3813 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82b2d3ab8a6b5fbe38f91b3dfdc02ffa |
| SHA1 | be9591ec2b0bac536663b68125bc63acba9e8301 |
| SHA256 | ee5aa3cc9b05dfd38287c9000110459d83db5b45299076583d4508f2d1994c6a |
| SHA512 | 51a4f92beb053ac2b2462684943d518ff5282398826d25bc726e5dd4ed8adc14878d999e154d64066e4b542a095529a0ec7a1d7018c9b9ba6518299eac3b8cf7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f39da58047c9d81d2b468a28e3a425c6 |
| SHA1 | 888af7a1e7f0a0af15c8e579df6353c47376db91 |
| SHA256 | 540227e97928b0ec499b94812527625bd980ab31ab60d068a2fdfa49bc449918 |
| SHA512 | 5696abab19983006baa80d32874c398d105285b71b9c25542cd80bff422075ae0f69b5fd4d8680b7388d2fac168f401a069c4280f000a6794e378158db629bf5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89b60643d406d0ad0df8ae6831e4706b |
| SHA1 | c0b4466576e8bfc5e1eb33f3d251da126ccd6f65 |
| SHA256 | a820087958d24f5d82eb9bead00dccad1c1f00a2c3d1c698439b65be62cbc534 |
| SHA512 | 0da328290084a283a3ad0dbded265074845374fffdbc19ec50dcb332fb9fff72721ad3c07d370942f8c7807796462266e27a578cc9f9398450b909f5e39f429f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2fac36bc30b59bff5fa9113c9748b6cf |
| SHA1 | 29f8c8cbc46792cbf343ff41c14df15686075775 |
| SHA256 | 2a0bb278fd47893091cf5a6ba8d72cdc21be95e3487dde4ba1c02d39449c240b |
| SHA512 | 521aa70a896a32ca0f99454d3eae3cb8a66107403bb996e860ee2892dc933adba969dc8b27c096bf7e3a3ec478d3bfcb629f60814f88416d69742096430490f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 802f646335fc7fc79f1ad7eaaaae86dc |
| SHA1 | 447a85cc83b2025d1e1e8f0b77069c92d69e600f |
| SHA256 | 4f87eea9f0b36f62c7c6bf9191a9bacb6c5db758333771be08958e811af068ff |
| SHA512 | 2ff540e2be628f3befdcbcc5c0554bd1fdfaf3621b16811686268d9aff8cee760f16029b9a171d56a13bbb3f9514fe897b75c6c3589119dcdac7a7d102226a37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e52abe28ad1bc7fadd2838431e91bb8b |
| SHA1 | 17489297a651ed5f4e90f4a5b23bf881af7ed8a1 |
| SHA256 | 979570b3d6aebfeadfc9c5af23cf7155e0da250bf7bef4ac1dc0b628f8f41f30 |
| SHA512 | b85b5e6b70b4a8f6c48b2d9b7c1cb473d661762abb21a8a6fed18a4b1441b54b5666d7c1f4e532e2debda4a1332d481b791eedb288bbbec7f76a222f01b5bd59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c3956849538b485a2f88f1bcdf002a8 |
| SHA1 | 738be828487971ed676f62dafa86cca13660501d |
| SHA256 | 35e8d403889eaf7a6914abd7c2ecb13386af89cffa21adf8e1f8255cf4e70fbb |
| SHA512 | a127733447b778ee42d3ae042f4ac56ebfc887a22efe194225519d7fe780c40f565f02b70835cb81e6382429384a9315ce865de711dbc75e79eab04543b5ccde |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a6c0690b6434bb808b3819c7dec32bb |
| SHA1 | fca148eda61ea5c151309a849611b25c3d279d19 |
| SHA256 | 6ca446c491da346825d96ef0282fab9c8f59063e1d78eeab28cc55ca2f5bbe01 |
| SHA512 | 3a3b8a2457defc3f9277fd17277af63d0de85b8d56e93e2be388c900d0a64db3b91648b2e5f0d918294c8cd00a833ab4fa77f58b55608004d72712ade53dd6f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23709ebdfc9132e74ea50feb72ae79d4 |
| SHA1 | 2d61f24bbd42e5393cd009400a05ac3606e751a9 |
| SHA256 | 16d53a9f103c1ee28aa0ce6ea6b0f0a04593c0ee37b4d8eb78b1a6353b5ec29e |
| SHA512 | af1eb83952835dcf1589999d51ee6cfe8e7eb425a10eacf0f6a8a8f5989f587cf6ad02325ee947b94129b2f819b9312dde5716105c8d04408f5f806127eadd28 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:41
Reported
2024-06-03 13:44
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91fd9b0e7e9b82b8fd59c83003d54738_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b7db46f8,0x7ff9b7db4708,0x7ff9b7db4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,18077956126354770123,18013464111575602874,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,18077956126354770123,18013464111575602874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,18077956126354770123,18013464111575602874,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18077956126354770123,18013464111575602874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18077956126354770123,18013464111575602874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18077956126354770123,18013464111575602874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18077956126354770123,18013464111575602874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,18077956126354770123,18013464111575602874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,18077956126354770123,18013464111575602874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18077956126354770123,18013464111575602874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18077956126354770123,18013464111575602874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18077956126354770123,18013464111575602874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18077956126354770123,18013464111575602874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,18077956126354770123,18013464111575602874,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codice.shinystat.com | udp |
| US | 8.8.8.8:53 | www.rumahblogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | badge.facebook.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 34.232.203.70:80 | www.rumahblogger.com | tcp |
| GB | 163.70.151.23:80 | badge.facebook.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:445 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 163.70.151.23:443 | badge.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 216.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.203.232.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img132.imageshack.us | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| US | 38.99.77.16:80 | img132.imageshack.us | tcp |
| IT | 185.206.85.82:80 | codice.shinystat.com | tcp |
| IT | 185.206.85.82:80 | codice.shinystat.com | tcp |
| US | 8.8.8.8:53 | www7.cbox.ws | udp |
| US | 8.8.8.8:53 | s9.shinystat.com | udp |
| US | 108.181.41.161:80 | www7.cbox.ws | tcp |
| US | 108.181.41.161:80 | www7.cbox.ws | tcp |
| US | 8.8.8.8:53 | advm.brznetwork.com | udp |
| IT | 185.206.85.85:80 | s9.shinystat.com | tcp |
| IT | 185.206.86.13:80 | advm.brznetwork.com | tcp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.85.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.85.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.41.181.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | static.cbox.ws | udp |
| US | 8.8.8.8:53 | 4nggi.wordpress.com | udp |
| US | 8.8.8.8:53 | spongebaykun.blogspot.com | udp |
| US | 8.8.8.8:53 | dafabulous.blogspot.com | udp |
| US | 172.67.201.54:80 | static.cbox.ws | tcp |
| US | 172.67.201.54:80 | static.cbox.ws | tcp |
| US | 172.67.201.54:80 | static.cbox.ws | tcp |
| US | 8.8.8.8:53 | www.cbox.ws | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.201.67.172.in-addr.arpa | udp |
| GB | 142.250.180.1:139 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| GB | 142.250.178.2:445 | pagead2.googlesyndication.com | tcp |
| GB | 172.217.16.226:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:445 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codicebusiness.shinystat.com | udp |
| IT | 185.206.86.14:445 | codicebusiness.shinystat.com | tcp |
| IT | 185.206.86.19:445 | codicebusiness.shinystat.com | tcp |
| IT | 185.206.86.17:445 | codicebusiness.shinystat.com | tcp |
| IT | 185.206.86.18:445 | codicebusiness.shinystat.com | tcp |
| US | 8.8.8.8:53 | codicebusiness.shinystat.com | udp |
| IT | 185.206.86.19:139 | codicebusiness.shinystat.com | tcp |
| GB | 142.250.200.1:80 | dafabulous.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
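The table above mixes DNS lookups, reverse (PTR) lookups, multicast chatter and real connections, and a few hosts show up on ports 445 and 139 next to ordinary 80/443 traffic. The following triage script is an added example, not part of the sandbox report or its tooling: it parses rows in the exact pipe-delimited layout used above (including the mDNS row as the page prints it, with the protocol cell shifted into the Domain column), separates lookups from connections, and flags hosts contacted on SMB/NetBIOS-style ports alongside web ports. The sample rows are a constructed subset copied from the table; the port lists and the "odd port" rule are this example's own assumptions.

```python
"""Triage helper for a sandbox 'Network' table (added example, not report code).

Parses pipe-delimited rows, separates DNS lookups from connections, discards
reverse (PTR) lookups and multicast discovery noise, and flags hosts that were
contacted on SMB/NetBIOS-style ports as well as normal web ports.
"""
import ipaddress
from collections import defaultdict

# Constructed subset of rows copied from the report's Network table, including
# the mDNS row exactly as the page prints it (proto cell slid into Domain).
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:445 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| IT | 185.206.86.19:139 | codicebusiness.shinystat.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
"""

WEB_PORTS = {80, 443}
# Assumption for this example: ports that deserve a second look when they
# appear next to a hostname that is otherwise a plain web/CDN endpoint.
LATERAL_PORTS = {135, 139, 445, 3389}


def parse_rows(text):
    """Yield one dict per data row; the header row and unparseable rows are skipped."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        # Repair a row whose Domain cell is empty and whose Proto cell slid left.
        if proto not in ("tcp", "udp") and domain in ("tcp", "udp"):
            domain, proto = "", domain
        host, _, port = dest.rpartition(":")
        try:
            ip, port = ipaddress.ip_address(host), int(port)
        except ValueError:
            continue
        yield {"country": country, "ip": ip, "port": port, "domain": domain, "proto": proto}


def triage(text):
    """Summarise the table: forward lookups, PTR count, per-host port sets, findings."""
    resolved, ptr_lookups = set(), 0
    conns = defaultdict(set)
    multicast = []
    for r in parse_rows(text):
        if r["port"] == 53 and r["proto"] == "udp":
            if r["domain"].endswith(".in-addr.arpa"):
                ptr_lookups += 1  # reverse lookup of an IP already seen; no new indicator
            else:
                resolved.add(r["domain"])
            continue
        if r["ip"].is_multicast:
            multicast.append(f"{r['ip']}:{r['port']}")  # mDNS/SSDP chatter, not a remote peer
            continue
        conns[(str(r["ip"]), r["domain"])].add(r["port"])
    odd_ports = []
    for (ip, domain), ports in conns.items():
        odd = sorted(ports & LATERAL_PORTS)
        if odd:
            odd_ports.append((domain, ip, odd))
    return {
        "resolved": sorted(resolved),
        "ptr_lookups": ptr_lookups,
        "connections": {k: sorted(v) for k, v in conns.items()},
        "odd_ports": odd_ports,
        "multicast": multicast,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    print("resolved:", ", ".join(result["resolved"]))
    for domain, ip, ports in result["odd_ports"]:
        print(f"check {domain} ({ip}): ports {ports} next to web traffic; "
              "SMB/NetBIOS to a CDN host is not expected and may be a capture artefact")
```

Run it against the full table by pasting the rows into SAMPLE_ROWS. Every host it flags here (Google, shinystat, blogspot CDN nodes) is a well-known web endpoint, so a 445/139 row against such a host is a prompt to inspect the pcap rather than an indicator on its own.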
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_216_AHVMZAANTUBUJSLL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2a16c5a078dae8230b23efa3f6864916 |
| SHA1 | 2ac3ee939439554a668ad9fe3c05541583af5ab3 |
| SHA256 | 51907583e0bfcd1bc832a646a928cadefc7e6bc59dc8cdac2c6eb91a213a0423 |
| SHA512 | 532f081a9855035a84512898469b88c8e138161f7cfb0130c30f4b6a69206d2aeda3a3d2df086cabc5b4ad3419fe736087fc542176b1554ffaa7454c653a544b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 23536ccfe05b737ae639fe63ee4cc435 |
| SHA1 | 6d2e9822835dc3e6117a4d2addfc8f241fbdbc82 |
| SHA256 | 6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce |
| SHA512 | f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 19e4e22c0816b2a067544eb4f609379c |
| SHA1 | 9960bd451530bc61e3292f3d8a8a3c1f2416ce9e |
| SHA256 | 2e3cdb2f44a0a0d56cc8493dea52a5ff1cb0123d7c807d593da68c156392e0aa |
| SHA512 | 66a31c9de934a48b13d6196d5450c83c6392eecf411878e52682db96ff6e216b5de44f34f6a062fbca2257ceb80407cfc4b4f50705cea193522b06bb875f23bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b01d5dbd522965728c3de04a87b6ac4c |
| SHA1 | 610e06dc7d6b1c517ccabbfc2937bee7f21661b2 |
| SHA256 | 2581ed4cecb50c02cc1b230298f582b6bf8dbcda6439f79c40b03879c9751c19 |
| SHA512 | 1348e894dedc0e8954522166c6ea685e9d60f3acea86c3f47871fcbc237e6bfc26356b8f5d7cef16a29a01e01d82cb12341416b07e1f5b65aa7a3c907c8a35e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f985af41c8676eb8710599b5797954a3 |
| SHA1 | 1474eeaf0753697d5bc4e1973a22f9e51f4a1035 |
| SHA256 | 630e9d36d9c9bdf854de75c4c3042292013d86dda1c6696824881cd5c77a4226 |
| SHA512 | 7882fd92823e98a06e777e4fc9c05e04655b625ffe2719ed843f1d20035bcb71473d162dfadfa113183e7b28936c8a8de89b23d9dc1382d6277ea45e6d15276b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 05060efcf0f9c083fd829be68a8bf9a0 |
| SHA1 | 54a7393e928d3b345a749b47584108fb71c7ec14 |
| SHA256 | ce1d6fd159b42b5fdf1621c7c92143f24ba0aaa19a45c74abd9eb03c89d100de |
| SHA512 | be83bc924af504d858a853eea112db2ba3494ea58de34bcb1faaf6e1bf11667330835e728599914b629ef223f43d5b1c55f5ae5b464d14ed83547b4cde1d0e21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b23ad1f2d8a77c6212d93f63dc0d1b8f |
| SHA1 | e838d8589f404d0f5038d2b67b253c9b8f22477f |
| SHA256 | a46e476a4454d8d3270796b92c0f54e716e178782761602b311237c4ea93b223 |
| SHA512 | 9472c1905aa5f2c23b2a8980313592ad1168384ae2597b717457dfae2bb40c80fa42cbd052a77f9a1a320517dfcb898280541c419e8f910ce937c0d8188baece |
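Two things in the file list are easy to misread: the crashpad named pipe carries the digests of zero bytes (a pipe has no content for the sandbox to hash, so those values are not a file indicator), and paths such as Preferences and settings.dat appear several times with different hashes because Edge rewrites them during a session. The script below is an added example, not part of the report: it parses entries in the path-plus-hash layout used above, computes the empty-content digests with hashlib rather than hard-coding them, groups repeated writes per path, and buckets everything under the Edge profile directory as browser noise. The sample entries are a constructed subset copied from the list; the bucket rules are this example's assumptions.

```python
"""Triage helper for a sandbox 'Files' list (added example, not report code).

Parses path-plus-hash entries, marks digests equal to the hash of zero bytes,
counts how many distinct versions of each path were written, and buckets paths
as named pipes, browser-profile artefacts, or other.
"""
import hashlib
import re
from collections import defaultdict

# Constructed subset of entries copied from the report's Files list.
SAMPLE_ENTRIES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
\??\pipe\LOCAL\crashpad_216_AHVMZAANTUBUJSLL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2a16c5a078dae8230b23efa3f6864916 |
| SHA1 | 2ac3ee939439554a668ad9fe3c05541583af5ab3 |
| SHA256 | 51907583e0bfcd1bc832a646a928cadefc7e6bc59dc8cdac2c6eb91a213a0423 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b01d5dbd522965728c3de04a87b6ac4c |
| SHA1 | 610e06dc7d6b1c517ccabbfc2937bee7f21661b2 |
| SHA256 | 2581ed4cecb50c02cc1b230298f582b6bf8dbcda6439f79c40b03879c9751c19 |
"""

# Digests of zero bytes, computed rather than pasted, so a typo cannot slip in.
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")
# Assumption for this example: writes under the Edge profile are browser noise.
EDGE_PROFILE = "\\AppData\\Local\\Microsoft\\Edge\\User Data\\"
PIPE_PREFIX = "\\??\\pipe\\"


def parse_entries(text):
    """Return a list of {'path', 'hashes'} dicts; a path line starts each entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m:
            if entries:
                entries[-1]["hashes"][m.group(1)] = m.group(2)
        elif not line.startswith("|"):
            entries.append({"path": line, "hashes": {}})
    return entries


def classify(path):
    """Bucket a path: named pipe, browser-profile artefact, or anything else."""
    if path.startswith(PIPE_PREFIX):
        return "named-pipe"
    if EDGE_PROFILE.lower() in path.lower():
        return "browser-profile"
    return "other"


def triage(text):
    """Count buckets, list empty-content digests, and count rewritten paths."""
    buckets = defaultdict(int)
    empty_content = []
    versions = defaultdict(set)
    for e in parse_entries(text):
        buckets[classify(e["path"])] += 1
        if any(EMPTY_DIGESTS.get(algo) == digest for algo, digest in e["hashes"].items()):
            empty_content.append(e["path"])
        if "SHA256" in e["hashes"]:
            versions[e["path"]].add(e["hashes"]["SHA256"])
    rewritten = {p: len(h) for p, h in versions.items() if len(h) > 1}
    return {"buckets": dict(buckets), "empty_content": empty_content, "rewritten": rewritten}


if __name__ == "__main__":
    result = triage(SAMPLE_ENTRIES)
    print(result["buckets"])
    for path in result["empty_content"]:
        print("empty-content digest (no file content hashed):", path)
    for path, n in result["rewritten"].items():
        print(f"{n} distinct versions written:", path)
```

With the full list pasted in, an "other" bucket that stays at zero is consistent with the report's verdict: every write is Edge housekeeping, so none of these hashes is worth pivoting on.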